Online Maliciousness Results in Online Protections 09/23/97 06:19:26 PM By L.A. Lorek, Sun-Sentinel, South Florida Knight-Ridder/Tribune Business News Sep. 14--Vandalism online, hacking attacks, viruses. Like a bad neighborhood in a big city, the Internet can pose potential dangers to computer users. ``All people have to do is visit the wrong site online, and they can be confronted with computer crime,'' said Stephen Cobb, with Cobb Associates, an information security company based in Titusville. A growing rank of cyberintruders commit crimes and pranks of every ilk -- snooping into files, stealing credit card numbers, sabotaging computers, hiding pornography and pirated software on unsuspecting corporate machines, and planting worms or viruses that cause computers and networks to break down. The threat to businesses and government organization is great -- not just from hackers, but from disgruntled employees who have access to a company's computer networks. Home computer users also may fall victim to computer crime by downloading files containing viruses or malicious code that could wipe out the data on their hard drives. Internet surfers have increasingly become targets of computer vandals who can use weaknesses in Internet Web browsing software to tap into personal files and wreak havoc. This year, companies worldwide are expected to spend $6.3 billion on security for their computer networks, estimates Dataquest, a San Jose, Calif.-based market research firm. By 2000, that figure is projected to more than double to nearly $12.9 billion. Computer hackers pose a serious threat to national security with the Pentagon suffering as many as 250,000 attacks on its computers in 1995, according to a General Accounting Office report released last year. Pentagon figures suggest that in about 65 percent of those efforts, hackers were able to gain entry to a computer network. The report said the hackers stole information on the methods military commanders use to relay secret intelligence during wartime. They also have broken into several Defense Department sites and browsed electronic mail systems for messages that contained the key words ``nuclear,'' ``weapons'' or ``missile.'' ``The potential for catastrophic damage is great,'' Cobb said. Meanwhile, corporate America worries about electronic fraud on international funds transfer networks, corporate espionage on business networks and hackers breaking into systems on the Internet. To guard against computer crime, most companies have firewalls -- a combination of software and hardware that blocks unauthorized users from accessing their computer network. Both companies and consumers install anti-virus programs on their computers that run checks on software floppy disks and programs downloaded from the Internet. The Internet poses a whole new range of dangers because every time someone surfs the World Wide Web, the computer downloads data. Vandalism online is now one of the biggest threats to web surfers. Vandal programs are applications that require Web surfers to download programs called ``plug-ins'' to watch video or receive real-time sports scores and stock prices. Sometimes malicious code can be hidden in these programs that can wipe out hard drives, lock up computer systems and more. Computer criminals have become ever more technically sophisticated, and it's an increasing challenge to keep up with their methods, said Moti Dover, president of ESafe Technologies, based in Pembroke Pines. For example, some students in Germany created a Web page that invited people to register to win a $50,000 prize. While visiting the site, the students used computer code known as a ``cookie'' to search the visitor's computer hard drive for an online banking program. If it had one, the German students automatically mailed the bank an invoice for $20 and programmed the computer to pay it. Within a few months, they collected $640,000. ``Viruses are a known problem, but vandalism is something that is pretty unknown until it happens,'' Dover said. ``We have found seven different places on the Web where people are doing this.'' ESafe makes a program called ESafe Protect that blocks foreign programs that contain malicious code or viruses from launching on a computer. The program would have blocked the German sweepstakes hackers by alerting the computer user to the intrusion. It's one of dozens of programs available to guard against computer criminals. Two other South Florida companies, Boca Research and Cyberguard make Internet firewalls and virus protection programs to keep computers safe. A survey by the Computer Security Institute conducted on behalf of the FBI's computer-crime unit, estimated computer security losses last year at $100 million. The survey of 250 companies and organizations tallied losses from fraud, theft of trade secrets and other computer security breaches. Less than 15 percent of all intrusions into corporate computer systems are reported to law-enforcement agencies, according to the FBI. That's mainly because organizations often fear that their customers, stockholders and employees will lose faith in the company if they learn its computer system has been attacked. Of the computer crimes that are reported, few are ever solved. Although discussions of computer security tend to focus on outside attackers, most computer crimes and security incidents result from employee error or intentional attack from within a company or organization, according to Computer Crime, a Crimefighters Handbook, a book by FBI agents David Icove, Karl Seger and William VonStorch that began as a training manual. Outside attacks make up less than 3 percent of all computer crimes, and viruses account for 4 percent. Most computer data losses, 55 percent, occur because of human error. Another 19 percent are caused by dishonest or disgruntled employees. Still, information security risks have increased in the past two years, according to a survey released Wednesday by Ernst & Young of 4,226 technology executives from 24 countries. More than half of the respondents expressed a lack of confidence that their systems could withstand internal attacks, while more than a third lacked confidence that their networks could weather an external assault. And more than half have been hit with a crippling computer virus. Today, more than 450 hacker bulletin boards exist online, and more than 1,000 Web sites offer hacking tips and tools online. Dozens of hacker publications such as 2600: The Hacker Quarterly offer advice on exploiting weaknesses in computer systems. ``There are a lot of horror stories out there,'' said Allan Mohess, product manager for Boca Research. Earlier this year, Boca Research deviated from its main mission of making computer modems to launch its first software program called DataSecure that provides a firewall, anti-virus protection and data encryption services in one box. ``It's really an education on the users' standpoint,'' Mohess said. ``You've got to know about the danger to know what to do to prevent it.'' Useful Software: -- Symantec (http://www.symantec .com) Norton AntiVirus 2.0 has expanded protection features to keep your computer safe from infection when you download from the Internet or other online services, use e-mail, share floppy disks or work on a network. It costs $49.95 and is available for Windows 3.1, Windows 95 and Windows NT. -- McAfee (http://www.mcafee .com) VirusScan Deluxe 3.0 offers real-time virus protection plus automatic desktop and Internet file backup, lifetime updates on virus signature data files and one year of free VirusScan upgrades. -- ESafe Technologies (http://www.esafe .com) ESafe Protect, an anti-vandal software program, allows people to download programs from online sites but blocks any program from launching on the computer if it contains a virus or malicious code. The program costs $69.95 and runs on Windows 95. -- Boca Research (http://www.bocaresearch.com) Data Secure contains a firewall, encryption and anti-virus program in one package. It costs $59 and runs on Windows 95. -- Pretty Good Privacy (http://www.pgp.com) This company makes encryption software that has become the industry standard. Its Personal Privacy Version 5.0 costs $69 and is available for Windows 95, Windows 4.0, Macintosh and Unix. More Information: -- Cypherpunks Home Page (http://www.ftp.csua. berkeley.edu/pub/ cypherpunks/Home.html) Here you can find links to Pretty Good Privacy sites, remailers, various crypto-tools, newspaper clippings and a good deal of other things. -- Electronic Privacy Information Center: Computer Security (http://www.epic.org/security/) This site has government reports on security issues, recent hacking incidents, laws about computer fraud and abuse and information about books on hacking. -- Princeton University Secure Internet Programming (http://www.cs.princeton.edu/sip/) The lab studies widely used Internet software, especially mobile code systems such as Java, ActiveX and JavaScripts. -- CERT Coordination Center (http://www.cert.org/) Founded in 1988, this center located at the Software Engineering Institute of Carnegie Mellon University serves as a focal point for the computer security concerns of Internet users. -- National Computer Security Association (http://www.nsca.com) This independent organization promotes commercial digital security. It has a paper on Web site security and links to companies and organizations in the security field. ----- Visit the Sun-Sentinel on the World Wide Web at http://www.sun-sentinel.com/ ----- (c) 1997, Sun-Sentinel, South Florida. Distributed by Knight-Ridder/Tribune Business News. END!A$19?FL-SECURITY AP-NY-09-23-97 1919EDT